Blockchain-powered adult entertainment platform SpankChain hacked for $42,000

09 Oct, 2018
by Richard Allen
News
Blockchain-powered adult entertainment platform SpankChain hacked for $42,000

Adult industry-based cryptocurrency project SpankChain has suffered a hack of 165.38 ETH, around $38,000, according to a blog post.

The hack took place on Saturday at 6:00 pm PST. An unknown hacker managed to breach the system and abscond with 165.48 ETH from the project’s payment channel smart contract. Another $4,000 worth of the platform’s ICO token, BOOTY, was immobilized bringing the total financial impact to $42,000.

The team was in the middle of investigating other smart contract bugs at the time of the hack. As a result, the company wasn’t aware the hack had taken place until 7:00 pm PST on Sunday. Spank.Live was immediately taken offline to prevent any further funds from being deposited into the smart contract.

The team has so far figured out that the hacker exploited a “reentrancy” bug, very similar to the one exploited in the DAO hack.

“In short, the attack capitalized on a “reentrancy” bug, much like the one exploited in The DAO. The attacker created a malicious contract masquerading as an ERC20 token, where the “transfer” function called back into the payment channel contract multiple times, draining some ETH each time,” the announcement reads.

The company state that they decided to forego a security audit for the payment channel as it could have cost as much as $50,000. A hefty price tag at the time but SpankChain admit it would have been worth it with hindsight.

Moving forward, the company has stated that it will be improving its security practices as well as ensuring multiple internal audits and at least one external professional audit are done for any smart contract code published.

To reimburse $9,300 that belonged to users, SpankChain has said that they will airdrop 49,300 in ETH to the affected users SpankPay accounts while the website is rebooted over the next few days.

Follow Chepicap now on Twitter, Telegram, and Facebook!

Add a comment

Check out the latest news

You will be logged out and redirected to the homepage